Fyltec

Privacy Policy

Effective date: 19 June 2026

Applies to: the Fyltec mobile and desktop apps, the Fyltec parental-control service, and fyltec.com.

Fyltec is a parental-control service operated by parents and guardians. The account holder is an adult who configures the service, links (“pairs”) a child’s device, and consents to the data processing described here on behalf of their household. The child-device app is a companion that only operates after a parent pairs it.

If you do not agree with this policy, do not create an account or pair a device.

Who we are :

Fyltec (Pty) Ltd, 18 Glenian Road, Sandton, Gauteng, South Africa 2191

Privacy contact: privacy@fyltec.com · Data Protection Officer: dpo@fyltec.com

1. Summary

  • We collect the account, device, safety-event, and (where the parent enables it) location data needed to deliver parental controls.
  • A parent must consent before any data is collected from a child’s device.
  • We do not sell your data, and we do not share browsing, location, app-usage, or activity data with third parties for their own purposes.
  • You can review, export, or delete your household’s data, and turn location off, at any time.

2. Information we collect

a. Account information

Email address, a securely hashed password, and account role (parent or guardian). Optionally a referral code.

b. Device and pairing information

A device name you choose, a Fyltec-issued device identifier, device platform, online/offline status, and battery level. We use a Fyltec-generated identifier rather than a permanent hardware identifier.

c. Content-filtering and activity data (child or self-managed devices)

To apply and report on safety rules, the service processes, on devices where the parent has enabled monitoring:

  • Domains/websites requested (allowed and blocked) and blocked-access attempts;
  • Search queries and app open/close events;
  • Tamper events (e.g., attempts to disable filtering or uninstall the app).

This data is associated with the linked parent account, encrypted at rest, and is visible only to the parent who manages that household. It is used solely to provide filtering, alerts, and the in-app reports the parent has subscribed to. It is never sold or shared with third parties for advertising or their own purposes.

d. Location data (only when the parent enables Location)

When a parent turns on Location for a device, the app collects the device’s GPS location (by default every five minutes) and geofence enter/exit events, to display the device’s location and history to the parent and to send safe-zone alerts. Location is off until a parent enables it and can be turned off at any time.

e. Push notification tokens

A push token (Apple Push Notification service on iOS; Firebase Cloud Messaging, a Google service, on Android) so we can deliver parental alerts.

f. Payment information

Subscriptions are processed by Stripe. Card details are entered into and handled by Stripe; Fyltec receives only subscription status and limited billing metadata, not full card numbers.

g. Marketing attribution and diagnostics

If you arrive via a marketing link, we may capture campaign parameters (e.g., utm_source, utm_medium, utm_campaign) at registration. We also process limited technical/diagnostic information needed to operate and secure the service.

We do not use the Advertising Identifier (IDFA), App Tracking Transparency tracking, or third-party advertising or cross-app-tracking analytics SDKs.

3. How we use information

We use the information above to: authenticate accounts; pair and manage devices; apply content-filtering and scheduling rules; generate the activity and location reports the parent has subscribed to; send parental alerts; process subscriptions; provide support; and maintain the security and integrity of the service. Legal bases (where GDPR applies) are performance of the parental-control contract, the parent’s consent (for location and for processing a child’s data), and our legitimate interest in securing the service.

4. Children’s privacy and parental consent

Fyltec is designed for parents to protect children and is not directed to children for independent sign-up children do not create accounts. A child’s device is added only when a parent pairs it using a parent-held code and accepts our Terms and this Privacy Policy, which constitutes verifiable parental consent under COPPA and equivalent laws.

A parent may, at any time: review the data collected from a paired device; stop collection by unpairing the device or disabling features; and request deletion of that device’s data. We collect from a child’s device only the data needed to deliver the parental-control features the parent has enabled, and we do not use it for any other purpose.

5. How content filtering and the network proxy work

To filter content, Fyltec routes the device’s DNS lookups through the app’s on-device VPN/DNS proxy and Fyltec’s filtering service, which determines whether a domain should be allowed or blocked. When Fyltec’s service is unavailable, requests fall back to a family-safe public resolver (Cloudflare for Families). **Consistent with Apple’s requirements for apps that use a VPN/DNS proxy, Fyltec does not sell, and does not disclose to third parties for their own purposes, any data carried over or derived from this connection.**

6. Sharing and third-party processors

We do not sell personal information. We share data only with service providers (“processors”) who act on our instructions and are contractually bound to protect it to the same standard described here:

  • Cloud hosting provider: Hosting the Fyltec backend and database
  • Google (Firebase Cloud Messaging): Push notifications on Android
  • Apple (APNs): Push notifications on iOS
  • Google Maps: Displaying device location to the parent
  • Cloudflare for Families: Fallback family-safe DNS resolution
  • Stripe: Subscription payment processing

We may also disclose information where required by law, to protect rights and safety, or in connection with a corporate transaction, in which case this policy will continue to govern your data.

7. Data retention

We keep data only as long as needed to provide the service or meet legal obligations:

  • Activity/browsing logs: By plan: 30 days (Basic), 90 days (Standard), or 12 months (Premium); deleted automatically thereafter |
  • Location history: 7 or 30 days, per plan and parent setting
  • Account and pairing records: For the life of the account
  • Payment/billing records: As required by law and tax obligations

When you delete a device, household, or account, the associated activity and location data is deleted (subject to short backup-rotation periods and any legal retention requirement).

8. Security

We protect data using authentication controls, role-based access, encryption of activity data at rest, and encrypted transport. No method of transmission or storage is perfectly secure, but we work to protect your information and to limit access to those who need it to operate the service.

9. Your rights and choices

Depending on your location, you may have rights to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent. Parents can exercise these for their household, including a child’s paired device. In the app you can: turn Location on/off, unpair a device, adjust monitoring features, and request account/data deletion. To make a request, contact privacy@fyltec.com. You may also lodge a complaint with your data-protection regulator.

  • South Africa (POPIA): You have the rights of access, correction, and deletion, and may complain to the Information Regulator. dpo@fyltec.com.
  • EU/UK (GDPR): Rights as above; legal bases are described in Section 3; international transfers are safeguarded per Section 10.
  • California (CCPA/CPRA): We do not sell or “share” (for cross-context behavioral advertising) personal information. You have rights to know, delete, correct, and to non-discrimination.

10. International transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

11. Changes to this policy

We may update this policy. Material changes will be notified in-app or by email, and the “Effective date” above will be revised. Continued use after an update constitutes acceptance.

12. Contact

Fyltec (Pty) Ltd

Privacy: privacy@fyltec.com · DPO/Information Officer: dpo@fyltec.com